[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability
Wojciech Trapczyński
wtrapczynski at certum.pl
Thu Feb 4 09:38:50 UTC 2021
Certum votes YES on ballot SC39v3.
W dniu 02.02.2021 o 15:29, Neil Dunbar via Servercert-wg pisze:
> Resend: adding the ballot title to the mail thread.
>
> On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
>>
>> Colleagues,
>>
>> This begins the voting period for ballot SC39v3: Definition of
>> Critical Vulnerability.
>>
>> The following motion has been proposed by Neil Dunbar of TrustCor and
>> endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
>>
>> -- MOTION BEGINS --
>>
>> This ballot modifies the “Network and Certificate System Security
>> Requirements” based on Version 1.5.
>>
>> Under the section “Definitions”:
>>
>> Remove the current definition:
>>
>> Critical Vulnerability: A system vulnerability that has a CVSS score
>> of 7.0 or higher according to the NVD or an equivalent to such CVSS
>> rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated
>> as a Critical Vulnerability by the CA or the CA/Browser Forum.
>>
>> Insert a new definition:
>>
>> Critical Vulnerability: A system vulnerability that has a CVSS v2.0
>> score of 7.0 or higher according to the NVD or an equivalent to such
>> CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as
>> otherwise designated as a Critical Vulnerability by the CA or the
>> CA/Browser Forum.
>>
>> -- MOTION ENDS --
>>
>> * WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE
>> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>>
>> A comparison of the changes can be found at:
>>
>> https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
>>
>>
>> This ballot proposes one Final Maintenance Guideline.
>>
>> The procedure for approval of this ballot is as follows:
>>
>> Vote for approval (7 days)
>>
>> Start Time: 2020-02-02 1700 UTC
>> End Time: 2020-02-09 1700 UTC
>>
>> Regards,
>>
>> Neil
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3765 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210204/48eb076b/attachment.p7s>
More information about the Servercert-wg
mailing list